Deleting member account created via Terraform

0

Hello, I've created an AWS organization and one member account under this organization with a secondary e-mail address. However, because this was a trial run, I've performed terraform destroy to delete everything. This only suspended the account; however, it is still there under the organization, and it is preventing me from deleting the organization. I've tried the AWS CLI and Console; however, I cannot delete the member, as none of the options are available to me. Does anyone know how exactly to solve this issue? Do I have to disassociate the account by making it standalone?

Best, Onur

Onur
asked 10 months ago, 512 views
3 Answers
0
Accepted Answer

To properly close an account under an organization, please follow the steps below:

  1. Activate the Account: If the account is currently suspended, you need to reactivate it before proceeding with the closure process. Contact AWS Support for assistance in reactivating the account.

  2. Remove from the Organization: Once the account is active, navigate to the AWS Organizations console and remove the account from the organization. This step detaches the account from the organization's management and control.

  3. Review Dependencies: Before closing the account, ensure that there are no dependencies or resources tied to the account that may be required by other accounts or services. Review any cross-account roles, shared resources, or integrations and make the necessary adjustments.

  4. Communicate with Organization Members: Inform the members of the organization about the impending account closure. Notify them of any changes or actions they need to take, such as updating cross-account access or transferring resources.

  5. Close the Account: Once you have verified that the account is no longer needed and has been appropriately detached from the organization, you can proceed with closing the account. Follow the AWS documentation or contact AWS Support for guidance on the account closure process.

It's important to note that closing an account permanently deletes all associated data and resources, so ensure that you have backed up any necessary information before initiating the closure.

Please consult the official AWS documentation or contact AWS Support for detailed instructions and assistance in closing an account under an organization.

answered 10 months ago
  • I will do that, thanks!

0

As described in this document, "close_on_deletion" must be set to true in order to delete the file.
Is "close_on_deletion" set to true?
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_account

By default, deleting this Terraform resource will only remove an AWS account from an organization. You must set the close_on_deletion flag to true to close the account. It is worth noting that quotas are enforced when using the close_on_deletion argument, which can produce a CLOSE_ACCOUNT_QUOTA_EXCEEDED error, and require you to close the account manually.

EXPERT
answered 10 months ago
  • This document contained a quota description of accounts that can be cancelled within 30 days. Are you caught in the quota here? https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_close.html#orgs_account_close_impacts

    You can only close 10% of member accounts within a rolling 30 day period. This quota is not bound by a calendar month, but starts when you close an account. Within 30 days of that initial account closure, you can't exceed the 10% account closure limit. The minimum account closure is 10 and the maximum account closure is 200, even if 10% of accounts exceeds 200. For more information about Organizations quotas, see Quotas for AWS Organizations.

  • I doubt it is that because this is the first and only account that I've tried to delete.

  • What happens if it is run as the root user? Is it possible to delete it as root user?

  • Even as root user, the button to delete is deactivated, so I cannot even try on the Console. With the CLI, I have the access token of my user with admin access, and there I cannot delete or remove the account from the organization. After searching the issue online, I've seen that some people removed the member account from their organization by adding a payment method and basically making the account standalone. However, I would like to delete the account as well. Is this simply not possible, maybe, and I have to wait a certain amount of time before it gets deleted?

0

Yes, it is. My Terraform resource looks something like this:

resource "aws_organizations_account" "account" {
  name  = var.AccountName
  email = var.myEmail
  close_on_deletion = true
  iam_user_access_to_billing = "DENY"
  parent_id = aws_organizations_organizational_unit.example_ou.id
}
Onur
answered 10 months ago
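
An added example, not part of the original thread and not AWS or Terraform project code: a pre-apply check over `terraform show -json` plan output that lists each `aws_organizations_account` about to be deleted, whether its `close_on_deletion` value means the account is closed or only removed from the organization, and whether the planned closures fit the rolling 30-day quota quoted above. The sample plan, the function names, and rounding the 10% figure down are assumptions.

```python
import json

# Constructed sample: trimmed `terraform show -json plan.out` output for a destroy plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_organizations_account.account", "type": "aws_organizations_account",
   "change": {"actions": ["delete"],
              "before": {"name": "trial", "close_on_deletion": true}, "after": null}},
  {"address": "aws_organizations_account.legacy", "type": "aws_organizations_account",
   "change": {"actions": ["delete"],
              "before": {"name": "legacy", "close_on_deletion": null}, "after": null}},
  {"address": "aws_organizations_organizational_unit.example_ou",
   "type": "aws_organizations_organizational_unit",
   "change": {"actions": ["delete"], "before": {"name": "example"}, "after": null}}
]}
""")


def closure_quota(member_accounts):
    """Rolling 30-day closure limit as quoted above: 10% of members, min 10, max 200."""
    # Assumption: the 10% figure is rounded down.
    return min(max(member_accounts // 10, 10), 200)


def review_account_deletes(plan, member_accounts, closed_last_30_days=0):
    """Classify every aws_organizations_account delete in a plan before it is applied."""
    findings, closes = [], 0
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_organizations_account":
            continue
        # A replacement shows up as ["delete", "create"], so it is caught here too.
        if "delete" not in rc["change"]["actions"]:
            continue
        before = rc["change"].get("before") or {}
        if before.get("close_on_deletion") is True:
            closes += 1
            outcome = "close"    # account will be closed
        else:
            outcome = "remove"   # default: only removed from the organization
        findings.append((rc["address"], outcome))
    remaining = closure_quota(member_accounts) - closed_last_30_days
    # More closures than the remaining quota risks CLOSE_ACCOUNT_QUOTA_EXCEEDED.
    return {"findings": findings, "closes": closes,
            "quota_exceeded": closes > remaining}


if __name__ == "__main__":
    print(review_account_deletes(SAMPLE_PLAN, member_accounts=2))
```

The `closed_last_30_days` value is not in the plan and has to be supplied by the caller.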
